Lucene search

[email protected]CVE-2012-2857

HistoryAug 06, 2012 - 3:55 p.m.

CVE-2012-2857

2012-08-0615:55:01

CWE-399

[email protected]

web.nvd.nist.gov

cve-2012-2857

vulnerability

css

dom

google chrome

denial of service

remote attackers

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.3%

JSON

Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

Affected configurations

NVD

Node

appleiphone_osRange≤6.0.2

appleiphone_osMatch6.0

appleiphone_osMatch6.0.1

Node

googlechromeRange≤21.0.1180.59

googlechromeMatch21.0.1180.0

googlechromeMatch21.0.1180.1

googlechromeMatch21.0.1180.2

googlechromeMatch21.0.1180.31

googlechromeMatch21.0.1180.32

googlechromeMatch21.0.1180.33

googlechromeMatch21.0.1180.34

googlechromeMatch21.0.1180.35

googlechromeMatch21.0.1180.36

googlechromeMatch21.0.1180.37

googlechromeMatch21.0.1180.38

googlechromeMatch21.0.1180.39

googlechromeMatch21.0.1180.41

googlechromeMatch21.0.1180.46

googlechromeMatch21.0.1180.47

googlechromeMatch21.0.1180.48

googlechromeMatch21.0.1180.49

googlechromeMatch21.0.1180.50

googlechromeMatch21.0.1180.51

googlechromeMatch21.0.1180.52

googlechromeMatch21.0.1180.53

googlechromeMatch21.0.1180.54

googlechromeMatch21.0.1180.55

googlechromeMatch21.0.1180.56

googlechromeMatch21.0.1180.57

AND

googleframeMatch-

microsoftwindows

Node

googlechromeRange≤21.0.1180.56

googlechromeMatch21.0.1180.0

googlechromeMatch21.0.1180.1

googlechromeMatch21.0.1180.2

googlechromeMatch21.0.1180.31

googlechromeMatch21.0.1180.32

googlechromeMatch21.0.1180.33

googlechromeMatch21.0.1180.34

googlechromeMatch21.0.1180.35

googlechromeMatch21.0.1180.36

googlechromeMatch21.0.1180.37

googlechromeMatch21.0.1180.38

googlechromeMatch21.0.1180.39

googlechromeMatch21.0.1180.41

googlechromeMatch21.0.1180.46

googlechromeMatch21.0.1180.47

googlechromeMatch21.0.1180.48

googlechromeMatch21.0.1180.49

googlechromeMatch21.0.1180.50

googlechromeMatch21.0.1180.51

googlechromeMatch21.0.1180.52

googlechromeMatch21.0.1180.53

googlechromeMatch21.0.1180.54

googlechromeMatch21.0.1180.55

AND

applemac_os_x

linuxlinux_kernel

CPENameOperatorVersion
apple:iphone_osapple iphone osle6.0.2
apple:iphone_osapple iphone oseq6.0
apple:iphone_osapple iphone oseq6.0.1

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	6.0.2
apple:iphone_os	apple iphone os	eq	6.0
apple:iphone_os	apple iphone os	eq	6.0.1

References

code.google.com/p/chromium/issues/detail?id=136235

googlechromereleases.blogspot.com/2012/07/stable-channel-release.html

lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

lists.apple.com/archives/security-announce/2013/Mar/msg00003.html

support.apple.com/kb/HT5642

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15336

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2012-2857

nvd1 debiancve1 prion1 ubuntucve1 cvelist1 nessus13 openvas10 freebsd1 threatpost2 securityvulns5 chrome1 gentoo1